Iconix Issued Tenth Patent

November 30, 2018

The United States Patent and Trademark Office has issued Iconix’s tenth patent titled “Authenticating and Confidence Marking E-Mail Messages.”

Learn more at our new blog.


Iconix Issued Ninth Patent for Email

September 4, 2018

The United States Patent and Trademark Office has issued Iconix’s ninth patent titled “Rapid Identification of Message Authentication.”


Learn more at our new blog.

Iconix OpEd Published in Infosecurity Magazine

June 13, 2018

Today our OpEd, DMARC Will Not Make Email Secure, was published in Infosecurity Magazine. We hope you find it interesting.

Iconix Issued Seventh U.S. Patent For Email

September 24, 2015

ICONIX, Inc., the industry leader in visual email solutions, announced on September 15, 2015, that the United States Patent and Trademark Office has issued Iconix’s seventh patent titled “User interface for email inbox to call attention differently to different classes of email.” The abstract for U.S. Patent 9,137,048, dated September 15, 2015, states: “Sender emails have their Truemarks (icons) displayed in the sender column of a list view” and “fraudulent emails have a fraud icon displayed with a warning in the sender column.”


Learn more at our new blog.

Iconix Issued Sixth U.S. Patent For Email

December 17, 2014

On December 2, 2014, the United States Patent and Trademark Office issued Iconix its sixth patent titled “RAPID IDENTIFICATION OF MESSAGE AUTHENTICATION.” The abstract for U.S. Patent 8,903,742, dated December 2, 2014, states: “Techniques are presented for uniquely identifying authentication associated with messages.” Iconix filed the patent on October 10, 2011.

8903742 cover sheet

Learn more at our new blog.

New Blog Location

June 20, 2013

We recently revised our website.  Our blog is now integrated into our website.  You can find our blog at:


We appreciate your loyal readership and hope that you will continue to read our blog at its new location.

DMARC Goes Live

January 31, 2012

Yesterday, dmarc.org released the new DMARC standard for email.  Contributors to the DMARC standard include Agari, American Greetings, AOL, Bank of America, Cloudmark, Comcast, Facebook, Fidelity Investments, Google, LinkedIn, Microsoft, PayPal, Return Path, TDP, and Yahoo!.

DMARC stands for “Domain-based Message Authentication, Reporting & Conformance.”  DMARC provides important extensions to the existing email authentication standards by providing automated and standardized methods to process messages that fail email authentication. DMARC explains the significance of this enhancement:

A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes – such as junk or reject the message. DMARC removes guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.

Let’s look at an example. If a phisher spoofs “paypal.com”, the real email address of PayPal, the bad guy cannot send email from PayPal’s email servers. Because the bad guy can’t use the real email servers, the fake paypal.com email will fail authentication. Before DMARC, webmail services such as Hotmail, Yahoo! Mail, AOL, Mail and Gmail lacked a systematic way for senders to tell them what to do with emails that failed authentication. This is where DMARC comes into play. If PayPal is using DMARC, webmail providers will know that PayPal wants them to reject the fake “paypal.com” email.

Let’s look at another example. What does DMARC do if a phisher uses a deceptive email address instead of “paypal.com”?  Consider the example of paypa1.com, where the last letter is really the number one instead of the letter el. Because the deceptive domain is not paypal.com, the deceptive domain is not governed by the authentication records of the paypal.com or the DMARC instructions for paypal.com. The authentication records and DMARC instructions for paypal.com govern only paypal.com and not the other hundreds of millions of domains that exist and will be created. DMARC will have no impact on paypa1.com emails.

While DMARC can deny bad guys the use of the actual domains of trusted senders, DMARC cannot stop bad guys from using domains that are not the actual domains of trusted senders. DMARC will not stop pay-pal.com, fasebook.com, or the myriad of other deceptive domains that bad guys will dream up. DMARC is useful because it:

  • allows senders to specify handling policies about messages that fail authentication, and
  • provides feedback that can help senders improve their authentication accuracy,

but it only addresses one of many doors that phishers use to get into the inbox.

To deal with all the doors leading to your inbox , you need more. You need a service that can distinguish real from fake for leading consumer brands, regardless of the methods that phishers use. You need eMail ID from Iconix.

Know Who. No Doubt. Use eMail ID.

%d bloggers like this: